I am really new to using web servers and security. I have just written a backend for my iOS app in PHP. It's hosted on a Linode Apache server. The index.php is located at http://www.example.com/API/. I'm ...

Our setup is like this.
SOAP services are exposed and clients send requests to SOAP endpoints. Each node provides the SOAP services. There can be one or more (maximum 6) nodes as a cluster.
Multiple ...

I'm working on a solution to identify client Network Domain or Workgroup in a private network. Based on it, I must change some access permissions.
I can't do that through IP address because it isn't ...

I have a Root Certificate Authority and an Intermediate Certificate Authority.
I have created a certificate for the server. SSL on Apache is working fine.
Browser recognizes my Chain of Trust with ...

Could you suggest how to properly configure the right directories in CentOS 6.6? On a server running a framework Yii, which works with the runtime directories and assets. For these directories I need ...

Today I decided to run the apache-scalp script and it found a few issues. One was ranked as Impact 5, and I'd like to know if someone could explain what this does, and how to disable it?
The request ...

Some weeks ago, we enabled the HTTP Public Key Pinning header on our website. As per the specification, we included not only the SHA-256 fingerprint of our current RSA key, but also that of a backup ...

I'm studying the vulnerabilities of an old version of Apache, the 1.3.34. And I don't quite understand in what exact situation the CVE 2006-7098 vulnerability can be exploited. The README included in ...

I am working on a PHP website and my research showed that it is entirely possible that the server can get hacked and the PHP files may get exposed. I store the MySQL DB Username and Password within ...

Can anyone verify this fix secures against the Logjam vulnerability for Apache Tomcat?
I'm sceptical about its effectiveness, since it doesn't mention how to implement the user defined 2048 bit DH ...

I set up SSL connection on my apache web server and I just would like to find out is it enough to secure my connection between the MySQL server, the apache web server and the user's device. Because I ...

Hello, I ran an Apache web server on a Windows XP PC on my home network. My antivirus picked up an attack, but didn't prevent it. It seems I had a Trojan attack on my apache.exe that got through. I know ...

I created an e-shop with e-books and they are stored in a specific folder which is protected by a .htaccess file:
Order deny,allow
deny from all
allow from 127.0.0.1
The IP is the IP of the webpage, ...

I'm building a web service (a control panel for clients) (PHP on linux apache) and trying from the design to make it the most secure as I can,
Can anyone provide me with some kind of a check-list of ...

I have been pondering this question for some time now: Can you really use hostnames as access controls, especially when clients might be behind proxies or routers performing NAT (or any other shared ...

I am trying to put modsecurity in apache 2.4.7 a reverse proxy for a tomcat application. For a normal request it's throwing lots of logs about allowed methods even though the method used is get.
[Wed ...

I am currently working on penetration test of a web site that uses an Apache HTTP server. To test a vulnerability which is related to mod_cgi module, I need to know whether this web site uses mod_cgi ...

I just turned my server off yesterday, after it began to distribute comment spam across the internet, at an astounding rate over 70 "spams"/min, bottom of the line 1/2 gig ram VPS. I'm still trying to ...

Recently, I've seen periodic floods of traffic to my web servers with various Host headers that do not belong to us. The traffic appears to come primarily from China and a decent number seem to think ...

I've been monitoring some weird activity in the access logs for my site and I've noticed a couple of weird attempts against the server. I'm wondering if anyone has seen these before. It's an Apache ...

I have an Apache server which seems to be vulnerable to path traversal, because when I test this URL: http://localhost/ati/../test.txt
it will be changed to this: http://localhost/test.txt
and ...

Recently, a website I hosted (wordpress I think) for a friend got hacked and all php pages had added code at the bottom in the form of "echo base64_encode(...);". Thus there were unwanted ads on very ...

I know it is not right to set a permission for the folder as 777, but if it is done so will it be possible to upload a file into that directory without FTP access?
Here is what I mean
Let's say the ...